Tag: credit-card
-
FBI disrupts massive AI-powered phishing service using a million URLs
In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-disrupts-massive-ai-powered-phishing-service-using-a-million-urls/
-
Magecart campaign exploits Stripe API for credit card theft
First seen on scworld.com Jump to article: www.scworld.com/brief/magecart-campaign-exploits-stripe-api-for-credit-card-theft
-
Credit card theft campaign abuses Stripe to host stolen payment info
A new Magecart campaign is using Stripe’s API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/credit-card-theft-campaign-abuses-stripe-to-host-stolen-payment-info/
-
620.000 Euro Schaden: Mann soll Johnny Depp jahrelang unbemerkt abgezockt haben
Tags: credit-cardIn Ungarn ist ein Mann verhaftet worden, der knapp zwei Jahre lang unbemerkt Online-Einkäufe mit Johnny Depps Kreditkarte bezahlt haben soll. First seen on golem.de Jump to article: www.golem.de/news/620-000-euro-schaden-mann-soll-johnny-depp-jahrelang-unbemerkt-abgezockt-haben-2606-209358.html
-
KnowBe4 warnt: Gefälschte Umfragen stehlen Kreditkartendaten und persönliche Informationen
KnowBe4 Threat Labs warnen vor einer großvolumigen Phishing-Kampagne mit gefälschten Umfragen, Marken-Imitationen, NRDs und Kreditkarten-Harvesting. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/gefaelschte-umfragen-stehlen-kreditkartendaten-und-persoenliche-informationen/a45346/
-
Carding forum B1ack’s Stash releases millions of stolen credit card records
First seen on scworld.com Jump to article: www.scworld.com/brief/carding-forum-b1acks-stash-releases-millions-of-stolen-credit-card-records
-
Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free
Carding forum B1ack’s Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack’s Stash, one of the most active stolen card marketplaces on the dark web, has released 4.6 million credit card records for free, not because of a law enforcement action or a system compromise, but…
-
Funnel Builder WordPress plugin bug exploited to steal credit cards
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/funnel-builder-wordpress-plugin-bug-exploited-to-steal-credit-cards/
-
Magecart Hackers Exploit Google Tag Manager to Inject Credit Card Skimmers
Magecart-style attackers are once again abusing trusted web services, this time weaponizing Google Tag Manager (GTM) to inject credit card skimmers into ecommerce websites stealthily. Because GTM is widely used and loaded from the trusted domain googletagmanager.com, malicious scripts can blend in with legitimate site functionality, making detection significantly harder. Once embedded into a compromised…
-
Brit mathematician lets AI agent loose with credit card cue password leaks, CAPTCHA chaos and more
Professor Fry’s AI experiment shows light and dark sides of agentic tech First seen on theregister.com Jump to article: www.theregister.com/2026/05/05/british_mathematician_tinkers_with_openclaw/
-
Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards
A misconfigured server linked to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw. First seen on hackread.com Jump to article: hackread.com/misconfigured-server-hackers-leak-stolen-credit-cards/
-
The Facebook ID problem breaking your DLP alerts
Tags: ai, api, credit-card, data, detection, exploit, finance, governance, LLM, ml, PCI, risk, service, sql, technology, tool, zero-trustHow we reverse-engineered the structure of Facebook IDs to improve credit card classification. (This is blog 3 in our Classification Series. You can also read {children} and {children}) The concept behind data loss prevention (DLP) platforms is simple and powerful: Discover and classify sensitive data then apply policies to prevent that data from leaving the…
-
The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards
AI agents may soon be buying your stuff for you. The FIDO Alliance has teamed up with Google and Mastercard to try to ensure that shopping in the near future isn’t a complete disaster. First seen on wired.com Jump to article: www.wired.com/story/the-race-is-on-to-keep-ai-agents-from-running-wild-with-your-credit-cards/
-
The AI criminal mastermind is already hiring on gig platforms
Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/27/ai-criminal-mastermind-gig-platforms/
-
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
In cybercrime markets, trust isn’t assumed, it’s verified. Flare reveals how underground guides teach actors to evaluate carding shops based on data quality, reputation, and survivability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/inside-an-underground-guide-how-threat-actors-vet-stolen-credit-card-shops/
-
Attackers Deploy Hidden Magecart Skimmer on Magento Using SVG onload Abuse
Security researchers at Sansec uncovered a large-scale Magecart campaign targeting Magento e-commerce platforms. Nearly 100 online stores were infected with a sophisticated credit card skimmer. To evade security scanners and steal shopper payment data seamlessly, attackers concealed the malicious payload inside an invisible SVG image element. Threat intelligence suggests the attackers likely breached the sites…
-
Hackers use pixel-large SVG trick to hide credit card stealer
A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-use-pixel-large-svg-trick-to-hide-credit-card-stealer/
-
Planning a spring break trip? Don’t fall for these 7 travel scams
<div cla Spring break scams are out to ruin your vacation, but they don’t have to. With a little awareness and Avast Free Antivirus protecting your devices, you can hit the beach without handing criminals an opening. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/planning-a-spring-break-trip-dont-fall-for-these-7-travel-scams/
-
Apple rolls out age verification to UK iPhone users
The age filters will be turned on by default, meaning that all users, including adults, will have to prove their age via credit card and other payment methods on file or by submitting an ID to be scanned. First seen on therecord.media Jump to article: therecord.media/apple-rolls-out-age-verification-uk-iphone-users
-
Massive Telegram-Razzien
Check Point Software Technologies hat die millionenfache Löschung von verdächtigen Telegram-Kanälen beobachtet. Rund 20 Prozent der blockierten Kanäle standen laut Check-Point-Exposure-Management in Verbindung mit kriminellen Aktivitäten, die Unternehmen direkt betreffen, darunter illegaler Handel mit entwendeten Kreditkarten- und Logindaten. Telegram zuletzt stark unter Druck Nachdem die Plattform jahrelang eine eher lasche Moderationspolitik fuhr, geriet Telegram zuletzt…
-
Researchers: Meta, TikTok Steal Personal & Financial Info When Users Click Ads
Tracking pixels let social media companies spy on their users even after they click over to advertiser sites, gleaning credit card info, geolocations, and more, according to an analysis. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/meta-tiktok-steal-sensitive-pii
-
Meta, TikTok Steal Personal & Financial Info When Users Click Ads
Tracking pixels let social media companies spy on their users even after they click over to advertiser sites, gleaning credit card info, geolocations, and more. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/meta-tiktok-steal-sensitive-pii
-
Meta, TikTok Steal Users’ Sensitive PII When They Click on Ads
Tracking pixels let social media companies spy on their own customers when they click over to advertiser sites, gleaning credit card info, currency type, and more. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/meta-tiktok-steal-sensitive-pii
-
New Phishing Scam Uses LiveChat to Pose as Amazon and PayPal in Real Time
Cofense researchers warn of a phishing scam where attackers use LiveChat to impersonate Amazon and PayPal agents and steal credit card and MFA codes. First seen on hackread.com Jump to article: hackread.com/phishing-scam-livechat-pose-as-amazon-paypal/
-
LiveChat Abuse: How Phishers Are Exploiting SaaS Support Tools to Steal Sensitive Data
Tags: attack, credentials, credit-card, cybercrime, data, email, exploit, finance, mfa, phishing, saas, service, threat, toolThreat actors are abusing the LiveChat SaaS platform to impersonate brands like PayPal and Amazon in phishing campaigns designed to steal credentials, credit card details, MFA codes, and other sensitive data. Victims are lured through phishing emails and directed to LiveChat pages where attackers use chat interactions to request personal and financial information. The campaign…
-
Shadow AI vs Managed AI: What’s the Difference? FireTail Blog
Tags: access, ai, api, attack, breach, chatgpt, ciso, cloud, computer, control, credentials, credit-card, data, data-breach, framework, google, injection, intelligence, Internet, law, LLM, malicious, mitre, monitoring, network, password, phishing, phone, risk, software, switch, threat, tool, training, vulnerabilityMar 04, 2026 – – Quick Facts: Shadow AI vs. Managed AIShadow AI is a visibility gap: It refers to any AI tool used by employees that the IT department doesn’t know about. Most companies have 10x more AI tools in use than they realize.Managed AI is a “Paved Path”: It uses approved, secure versions…
-
Cybercriminals Exploit Fake Avast Website to Steal Users Credit Card Information
Cybercriminals have launched a convincing phishing operation by building a fake Avast website designed to steal credit card information from unsuspecting visitors. The fraudulent page mimics Avast’s official portal almost perfectly, complete with the genuine Avast logo pulled directly from the company’s content delivery network. It displays regular navigation links like “Home,” “My Account,” and…
-
Refund scam impersonates Avast to harvest credit card details
A convincing fake Avast site displays a Euro499.99 charge and promises a refund. Instead, it harvests your name, address, and full credit card details. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/refund-scam-impersonates-avast-to-harvest-credit-card-details/
-
Identity verification systems are struggling with synthetic fraud
Fake and expired IDs keep showing up in routine customer transactions, from alcohol purchases to credit card applications. The problem shows up most often in industries that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/analysis-identity-verification-fraud-report/